RealTime IT News

Open Source Metasploit Improves Evasion

LAS VEGAS -- Few tools are freely available to security researchers that are as powerful for developing and testing exploit code as the open source Metasploit Framework.

No matter how powerful the current version of Metasploit is, the upcoming version 3.0 will be even more so.

Metasploit creator H.D. Moore took the stage at the Black Hat conference here and regaled the audience with details about the dramatic improvements in version 3.

The new version is a complete rewrite all done in the Ruby language and includes many new features designed to expedite exploitation, as well as infuriate Intrusion Detection System (IDS) vendors.

The charismatic Moore explained to the assembled faithful that the current Metasploit 2.6 Framework has a number of problems, among which is that it's written in Perl. According to Moore, there is no stable release of Perl 6 in sight.

"Perl 6 should be written by the time hell freezes over," Moore told the audience.

Perl's cross-platform support is terrible, particularly on the Win32 platform, and causes increased load times. The fix for Moore and the Metasploit developers?

Drop it and write something else.

Metasploit 3 is written in Ruby, a language that allowed Moore and his cohorts to compress the code by 40 percent. It has also allowed them a greater degree of flexibility and automation.

"One of the things that sucks in version 2 is that it can only handle one shell at a time," Moore said.

Multitasking via Ruby threads allows Metasploit 3 users to conduct concurrent exploits and sessions. Exploit delivery is enhanced with new payload-closed and auxiliary modules, which can be integrated without security tools for target enumeration.

Metasploit 3 also takes aim at evading detection by IDS with strong evasion techniques that Moore claims will defeat most solutions.

"We really want to scare the IDS guys, and it's time to put our foot down," Moore said. "I'm not sure how they get past QA [quality assurance]; I'm not even sure they do QA."

It's not all about new features, either. Metasploit 3 sports a brand-new license, too.

Moore hushed the stunned crowd when he announced the new license by noting that it was not his intention to end up like Tenable's Nessus, which went from open to closed source last year.

The new Metasploit Framework license v.1.1 is intended to keep the source open but prevent comment abuse and product integration.

"We know we won't make money on open source and we want to make sure that no one else does, either," Moore said.

Metasploit 3 is currently in beta and is expected to be released later this year.